The Daily ECG

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy explains how The Daily ECG ("we", "us", "our") collects, uses, and protects information when you use our website and services (the "Service").

1. Who we are

The Daily ECG is an educational game for interpreting 12-lead electrocardiograms. For any privacy-related question, contact us through the in-app feedback form.

2. Data we collect

  • Account data: email address, username, and authentication identifiers (e.g., Google OAuth ID).
  • Gameplay data: attempts, results, streaks, statistics, and timestamps.
  • Optional profile data: country, profession (if you provide it).
  • Technical data: browser type, device type, IP address (collected by our hosting provider for security and abuse prevention).
  • Feedback: messages you submit voluntarily through the help/feedback form.

3. How we use your data

  • To provide and maintain the Service (login, daily challenges, stats, leaderboard).
  • To compute and display global rankings.
  • To send optional browser notifications (only if you opt in).
  • To prevent fraud, abuse, and security incidents.
  • To improve the Service based on aggregated usage patterns.

4. Legal basis (GDPR)

We process your data based on (a) the contract for providing the Service when you create an account, (b) your consent for optional features (e.g. notifications), and (c) our legitimate interest in keeping the Service secure and improving it.

5. Data sharing

We do not sell your personal data. We share data only with:

  • Infrastructure providers (hosting, database, authentication) acting as data processors under contract.
  • Authorities, when legally required.

6. Data retention

We keep your account data while your account is active. You may request deletion of your account at any time, after which personal data will be removed within 30 days (except where retention is legally required).

7. Your rights

Under GDPR and similar laws, you have the right to:

  • Access, correct, or delete your personal data.
  • Object to or restrict certain processing.
  • Receive a copy of your data (portability).
  • Withdraw consent at any time.
  • Lodge a complaint with your local data protection authority.

8. Cookies and local storage

We use essential cookies and local storage to keep you logged in and remember your preferences (e.g. theme). We do not use advertising or third-party tracking cookies.

9. Children

The Service is not directed to children under 16. If you believe a child has provided us with personal data, contact us so we can delete it.

10. International transfers

Data may be processed in countries other than yours. We rely on infrastructure providers that implement appropriate safeguards.

11. Security

We use industry-standard measures (encrypted connections, row-level security on the database, hashed credentials) to protect your data. No system is 100% secure.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent changes.

13. Contact

For privacy questions or to exercise your rights, contact us via the in-app feedback form.